✨ flux notifications

2025-09-17 18:24:14 +02:00 · 2022-09-13 00:06:52 +02:00
parent 8a342bdf28
commit 7dc2983903
21 changed files with 182 additions and 173 deletions
--- a/cluster/core/flux-system/webhook/github/ingress.yaml
+++ b/cluster/core/flux-system/webhook/github/ingress.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: webhook-receiver
+  namespace: flux-system
+  annotations:
+    external-dns.alpha.kubernetes.io/target: "services.${SECRET_DOMAIN}."
+    external-dns/is-public: "true"
+spec:
+  ingressClassName: "nginx"
+  rules:
+    - host: "flux-webhook.${SECRET_CLUSTER_DOMAIN}"
+      http:
+        paths:
+          - path: /hook/
+            pathType: Prefix
+            backend:
+              service:
+                name: webhook-receiver
+                port:
+                  number: 80
+  tls:
+    - hosts:
+        - "flux-webhook.${SECRET_CLUSTER_DOMAIN}"
--- a/cluster/core/flux-system/webhook/github/kustomization.yaml
+++ b/cluster/core/flux-system/webhook/github/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - secret.sops.yaml
+  - ingress.yaml
+  - receiver.yaml
--- a/cluster/core/flux-system/webhook/github/receiver.yaml
+++ b/cluster/core/flux-system/webhook/github/receiver.yaml
@@ -0,0 +1,42 @@
+---
+apiVersion: notification.toolkit.fluxcd.io/v1beta1
+kind: Receiver
+metadata:
+  name: home-ops
+  namespace: flux-system
+spec:
+  type: github
+  events:
+    - ping
+    - push
+  secretRef:
+    name: github-webhook-token
+  resources:
+    - apiVersion: source.toolkit.fluxcd.io/v1beta2
+      kind: GitRepository
+      name: flux-cluster
+      namespace: flux-system
+    - apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+      kind: Kustomization
+      name: apps
+      namespace: flux-system
+    - apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+      kind: Kustomization
+      name: charts
+      namespace: flux-system
+    - apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+      kind: Kustomization
+      name: configuration
+      namespace: flux-system
+    - apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+      kind: Kustomization
+      name: core
+      namespace: flux-system
+    - apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+      kind: Kustomization
+      name: flux-cluster
+      namespace: flux-system
+    - apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+      kind: Kustomization
+      name: crds
+      namespace: flux-system
--- a/cluster/core/flux-system/webhook/github/secret.sops.yaml
+++ b/cluster/core/flux-system/webhook/github/secret.sops.yaml
@@ -0,0 +1,28 @@
+# yamllint disable
+apiVersion: v1
+kind: Secret
+metadata:
+    name: github-webhook-token
+    namespace: flux-system
+stringData:
+    token: ENC[AES256_GCM,data:sOQJblO3+4fugmRCsIhO2I0PslY=,iv:3UwQESwwtES5puzfqulXOhr2T2OpLRdYehCclNqpjOU=,tag:alJVHdqTdqIvLCdOGEOeDA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1hhurqwmfvl9m3vh3hk8urulfzcdsrep2ax2neazqt435yhpamu3qj20asg
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2cXVUWXpjdXUveGE5M3Bl
+            SzVhQ0phSlVMN0tMMDZRUnM1UXFpbktxd3pzCkZwQ2dmSys4L0UrREtMekJwUkNC
+            amovOWJBdEs5aTZSZVkxeHliTTk2VEEKLS0tIG8xb0dKRGZyc0VSU0RMZ01HdkFk
+            dVJzZGNrWFhoVmd0MnVUbHpKdU1XcDQKLD4TlyCxE57RFvUFqLDuhsEyoBC+12Yu
+            IZzMQYI6bDVnsfv3BzlYAm4qHHPUnhtUX3Wdx/u5ZwOlpxcyBUqNFg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2022-09-12T21:49:31Z"
+    mac: ENC[AES256_GCM,data:QFYMnuqU3PkGMdT0ndKQLEshO6APk6spSuR0Zjx1f9k+eYyvUwLQOszECl0kACFoxQeeHlB7kNqRWAT158uO8gUajdvHNBkDr7H10S3AeeVtXIB2m/9NWYaBpksoP+rjd0CnUq27FQvBZJVl0l6QtKywcfJDZLctGOzUa86okyk=,iv:kXJc9RCQ9RuV2CSkziwQBMmNAx8q03++B4WVTrU4v/Y=,tag:BDmIcDbx5yE2OACbn/nRbw==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.7.3